OWASP Birmingham, UK

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

OWASP is a charitable organisation. Our chapter meetings are free to attend but there are always costs associated with running them. Any amount of donation is appreciated and will be used entirely to enhance the chapter meetings:

Date

Location

Tickets

Talks

SC Magazine Rising Star award winner David Rook will be back in Birmingham to give this month's first talk.

Windows Phone 7 platform and application security overview

Windows Phone 7 is the latest mobile operating system from Microsoft and is the youngest of all the major smartphone operating systems. Since it was released in late 2010 it has gained a small share of the smartphone market but this is likely to increase significantly with Nokia now using it as the OS for their flagship models.

The young age of the OS and the small market share size mean there has been very little security research carried out against this platform so far. This means that developers and security professionals are working with this platform without a detailed understanding of the security features and potential shortcomings.

Security should be part of the DNA of any application which stores or transmits sensitive data, but how many of the developers with published applications understand common mobile application security vulnerabilities and, more importantly, how many know how to prevent them in their own applications?

This presentation will detail the security features of Windows Phone 7 with an emphasis on how developers can produce Windows Phone 7 apps that are free from common mobile application security vulnerabilities.

This talk will start by looking at why we should care about mobile security, what the implications are for developers and security professionals and how mobile manufacturers and network operators are now a big part of your threat models and how their approach to security could undermine your application security efforts.

I will then focus on the security model and features of Windows Phone 7 and how these features compare to those found in the iOS and Android operating systems.

The final part of this talk will focus on the types of vulnerabilities seen in mobile applications over the past few years and how developers can ensure their Windows Phone 7 apps are free from these vulnerabilities. This will include reviews of insecure and secure code samples from real-world applications.

This talk will arm developers and security professionals with an understanding of the Windows Phone 7 security features and the guidance they need to produce secure Windows Phone 7 apps.

This talk will include demonstrations of Windows Phone 7 security tools that I'm developing such as the Windows Phone App Analyser.

David Rook is the Application Security Lead at Realex Payments in Dublin. He is a contributor to several OWASP projects including the code review guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON, BlackHat USA and RSA Europe. In addition to his work with OWASP David created a security resource website and blog called Security Ninja.

The Security Ninja blog was nominated for five awards including the best technology blog at the Irish Blog Awards, the Computer Weekly IT Security blog award and was a finalist for the Irish Web Awards Best Technology Site. In 2011 David received a Developer Security MVP award from Microsoft and the SC Magazine Rising Star 2012. David strives to practice what he preaches and has backed up his work experience by developing two open source security code review tools called Agnitio and the Windows Phone App Analyser.

Jamie Riden will be giving a short talk on web application honeypots, from history to current work and how they can be of use in researching current techniques of attackers, and in protecting web servers from exploitation even in the face of programming failures.

The talk will include a live demo of a honeypot.

Jamie is a published security researcher, specifically in the field of honeypots. He is an active member of the Honeynet Project, having helped set up the current incarnation of the Project's web server, and has supervised students for various honeypot-related projects for the Google Summer of Code.

He has published several articles on the subject of honeypots, intrusion detection and incident response. He has contributed signatures to the community Snort signature project, http://www.emergingthreats.net/, and has written portions of code for the open source IDS, Suricata.

Participate

If you'd like to present at one of our meetings then don't forget to fill in the speaker form.